We have lots of examples but here is a quick demonstration of how to read all of the packets from a PCAP capture file, reassemble all IP fragments and print each reassembled packet's contents to the system console.
The above example will reassemble 7 IP fragments for the original ICMP message that was 9000 bytes. The original IP fragments are discarded after they are used in reassembly so we end up with a single IP datagram containing the original ICMP message, at full original length.
IPF reassembler is a powerful jNetPcap Processor, that can be configured to meet your specific needs. You can choose to pass through original IP fragments, set timeout parameters for missing fragments, and adjust IPF table sizes.
The output generated by the above example is as follows:
> Pcap 1-liner
Or as close as we can get to a single line of code if we do not have to enable any of the more advanced features such as IpfReassembler, PacketPlayer, DataObfuscator, etc. This is technically the shortest 100% correct pcap code you can write, that reads all packets from a capture file and still performs the following steps:
Open a capture file
Read all of the packets
Dissects and prints full details about every header and protocol attribute for each packet
Close the capture file
Generates the following output: